The use of mobile devices has rapidly increased in recent years. For example, mobile device users now have the capability to make payments using their mobile phone. While mobile payments provide a convenient tool for a consumer, mobile payments may also present security concerns. Sensitive information, such as a consumer's personal information, account information, etc. can be prone to interception. Additionally, if the mobile device is lost or stolen, such information can be used by an unauthorized user. Furthermore, as mobile payment applications evolve, there is a need not only to protect information sent from the mobile device, but also to protect information sent to the mobile device during transmission.
For example, when payments are made using a physical card with an embedded chip, the issuer associated with the payment card can update data in the chip during the course of a payment transaction. Chip data may be returned in the payment transaction response that contains authentication data or scripts for updating risk parameters and payment counters in the chip payment application. These issuer updates require the card to be inserted into a contact point-of-sale terminal. If a mobile device is used as a payment device, the mobile device cannot be inserted into a point-of-sale terminal to conduct a contact point-of-sale transaction and to receive issuer updates. Thus, there is an additional need for an issuer update solution for mobile devices that are used as payment devices.
Embodiments of the present technology address these and other problems.